The nsswitch.conf File
The default nsswitch.conf file that is installed when you install the Solaris operating environment for the first time is determined by which naming service you select during the Solaris software installation process. Each line of that file identifies a particular type of network information, such as host, password, and group, followed by one or more sources, such as NIS+ tables, NIS maps, the DNS hosts table, or local /etc, where the client is to look for that information. When you choose a naming service, the switch template file for that service is copied to create the new nsswitch.conf file. For example, if you choose NIS+, the nsswitch.nisplus file is copied to create a new nsswitch.conf file.
An /etc/nsswitch.conf file is automatically loaded into every machine's /etc directory by the Solaris 9 release software, along with the following alternate (template) versions.
These alternate template files contain the default switch configurations used by the NIS+ and NIS services, local files, and LDAP. No default file is provided for DNS, but you can edit any of these files to use DNS. See Chapter 5, DNS Administration (Reference). When the Solaris operating environment is first installed on a machine, the installer selects the machine's default naming service: NIS+, NIS, local files, or LDAP. During installation, the corresponding template file is copied to /etc/nsswitch.conf. For example, for a machine client using NIS+, the installation process copies nsswitch.nisplus to nsswitch.conf.
If your network is connected to the Internet and you want users to be able to access Internet hosts using DNS, you must enable DNS forwarding.
Unless you have an unusual namespace, the default template file as copied to nsswitch.conf should be sufficient for normal operation.
Selecting a Different Configuration File
When you change a machine's naming service, you need to modify that machine's switch file accordingly. For example, if you change a machine's naming service from NIS to NIS+, you need to install a switch file appropriate for NIS+. You change switch files by copying the appropriate template file to nsswitch.conf.
If you are installing NIS+ on a machine using the NIS+ installation scripts, the NIS+ template script is copied to nsswitch.conf for you. In this case, you do not have to configure the switch file unless you want to customize it.
Before proceeding to change switch files, make sure the sources listed in the file are properly set up. In other words, if you are going to select the NIS+ version, the client must eventually have access to NIS+ service; if you are going to select the local files version, those files must be properly set up on the client.
Modifying the name service switch
To change to a switch file, follow these steps.
1. Become superuser.
2. Copy the alternate file appropriate for the machine's naming service over the nsswitch.conf file.
   NIS+ Version (done automatically for you by NIS+ scripts)
   client1# cd /etc
   client1# cp nsswitch.nisplus nsswitch.conf
   NIS Version
   client1# cd /etc
   client1# cp nsswitch.nis nsswitch.conf
   Local /etc Files Version
   client# cd /etc
   client# cp nsswitch.files nsswitch.conf
3. Reboot the machine.
   The nscd naming service cache daemon caches switch information. Some library routines do not periodically check the nsswitch.conf file to see whether it has been changed. You must reboot the machine to make sure that the daemon and those routines have the latest information in the file.
Note - In order to use LDAP naming services, you must also properly configure all LDAP client machines, in addition to modifying the nsswitch.conf file. See Chapter 16, Client Setup (Task) for more information.
DNS and Internet Access
The nsswitch.conf file also controls DNS forwarding for clients as described in the following subsections. DNS forwarding grants Internet access to clients. For information on how to set DNS forwarding for NIS and NIS+, see System Administration Guide: Naming and Directory Services (FNS and NIS+).
IPv6 and Solaris Naming Services
Note - DNS and LDAP are IPv6 "compatible" in the sense that one can store IPv6 addresses. However, as of Solaris 9, one cannot use an IPv6 transport for client-server DNS or LDAP traffic. The LDAP naming service cannot yet function on an IPv6-only network.
NIS and NIS+ support storing IPv6 data, as well as using IPv6 transports for NIS/NIS+ protocol traffic.
The nsswitch.conf file controls search criteria for IPv6 addresses. IPv6 increases the IP address size from 32 bits to 128 bits to support more levels of addressing hierarchy and provide a greater number of addressable nodes. For more information about IPv6, its configuration and implementation, see System Administration Guide: IP Services.
Use the new ipnodes source for IPv6 addresses. The /etc/inet/ipnodes file stores both IPv4 and IPv6 addresses. The /etc/inet/ipnodes file uses the same format convention as the /etc/hosts file.
IPv6-aware naming services use the new ipnodes source for their search forwarding. For instance, if LDAP is aware of IPv6 addresses, specify the following.
ipnodes: ldap [NOTFOUND=return] files
Caution - ipnodes defaults to files. During the transition from IPv4 to IPv6, where all naming services are not aware of IPv6 addresses, accept the files default. Otherwise, unnecessary delays (such as boot timing delays) might result during the resolution of addresses.
Caution - An application searches all ipnodes databases for IPv4 addresses before searching for IPv4 addresses in the hosts databases. Before specifying ipnodes, consider the inherent delay of searching both databases for IPv4 addresses.
Ensuring Compatibility With +/- Syntax
If +/- is used in /etc/passwd, /etc/shadow, and /etc/group files, you will need to modify the nsswitch.conf file to ensure compatibility.
NIS+. To provide +/- semantics with NIS+, change the passwd and groups sources to compat and add a passwd_compat: nisplus entry to the nsswitch.conf file after the passwd or group entry as shown below.
passwd: compat
passwd_compat: nisplus
group: compat
group_compat: nisplus
The above specifies that client routines obtain their network information from /etc files and NIS+ tables as indicated by the +/- entries in the files.
NIS. To provide the same syntax as in the Sun Operating Environment 4.x release, change the passwd and groups sources to compat.
passwd: compat
group: compat
This specifies that client routines obtain their network information from /etc files and NIS maps as indicated by the +/- entries in the files.
Note - Users working on a client machine being served by an NIS+ server running in NIS compatibility mode cannot run ypcat on the netgroup table. Doing so will give you results as if the table were empty even if it has entries.
The Switch File and Password Information
Caution - files should be the first source in the nsswitch.conf file for passwd information. If files is not the first source, network security could be weakened and users could encounter login difficulty.
For example, in an NIS+ environment, the passwd line of the nsswitch.conf file should look like the following.
passwd: files nisplus
In an NIS environment, the passwd line of the nsswitch.conf file should look like the following.
passwd: files nis
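The +/- compatibility rules and the files-first caution above can be checked mechanically. The following is an added example, not part of the original Solaris documentation. The function names are hypothetical, the sample file contents are constructed, and accepting compat in place of files when the local file contains +/- entries is an assumption of this example.

```shell
# Print the sources for database $2 in switch file $1, one per line,
# skipping comments and [STATUS=action] search criteria.
switch_sources() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }
        $1 == db {
            skip = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) skip = 1
                if (!skip) print $i
                if ($i ~ /\]$/) skip = 0
            }
        }' "$1"
}

# Succeed if local file $1 has +/- inclusion or exclusion entries.
has_plus_minus() { grep -q '^[+-]' "$1"; }

# audit_switch SWITCH_FILE PASSWD_FILE GROUP_FILE
# Prints one line per database; returns 1 if any rule is violated.
audit_switch() {
    rc=0
    for pair in "passwd:$2" "group:$3"; do
        db=${pair%%:*}; file=${pair#*:}
        first=$(switch_sources "$1" "$db" | head -n 1)
        if has_plus_minus "$file"; then
            if [ "$first" = compat ]; then
                # No <db>_compat line means NIS maps; "nisplus" selects NIS+ tables.
                backend=$(switch_sources "$1" "${db}_compat" | head -n 1)
                echo "$db: ok, compat via ${backend:-nis}"
            else
                echo "$db: FAIL, +/- entries present but first source is ${first:-missing}"; rc=1
            fi
        elif [ "$db" = passwd ] && [ "$first" != files ]; then
            echo "passwd: FAIL, first source is ${first:-missing}, expected files"; rc=1
        else
            echo "$db: ok, first source is ${first:-missing}"
        fi
    done
    return $rc
}

# Demo on constructed sample files (not from a real system).
d=$(mktemp -d)
printf 'passwd: nisplus files\ngroup: files nisplus\n' > "$d/nsswitch.conf"
printf 'root:x:0:0::/:/sbin/sh\n' > "$d/passwd"; printf 'root::0:\n' > "$d/group"
audit_switch "$d/nsswitch.conf" "$d/passwd" "$d/group" || echo "switch file needs attention"
rm -rf "$d"
```

On a live client, run audit_switch against /etc/nsswitch.conf, /etc/passwd and /etc/group after copying a template and before rebooting.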